Code-Red: A Case Study on the Spread and Victims of an Internet Worm

Date Added: Jan 2010
Format: PDF

On July 18, 2001, Code-Red (CRv2) worm took less than 14 hours to infect more than 359,000 internet connected computers, resulting in damage worth more than $2.6 billion. The case study tries to study the causes, impact and the safeguards against such attacks. Under this paper, a step by step methodology has been adopted to study the causes the behind such attack. The worms were not optimized for spread but still clocked the peak rate of infecting 2,000 hosts per minute. The paper also studies infected hosts and their attributes such as top-level domain, geographic location and Internet Service Provider (ISP). It was found that the worm mainly targeted home users and small businesses. The impact of DHCP on quantification of infected hosts was also qualified. The main distinctive characteristics of the spread have also been studied. The technology used was helpful in collecting and analyzing the data for the period prior to the attack. It also had global reach. The paper exposes the weakness in the security system of computer connected to the internet and the ways to control the frequency and impact of such attacks. The paper also suggests that mere use of host patching is not enough to protect the systems.